ICSE 2023
Sun 14 - Sat 20 May 2023 Melbourne, Australia
Thu 18 May 2023 14:45 - 15:00 at Meeting Room 112 - Industry forum 2 Chair(s): Steve Versteeg

Automating repetitive activities is a key principle in most software development approaches employed in the industry. This implies that security activities and all related processes should be investigated for automation capabilities, particularly the management of security findings and vulnerabilities. Considering the limited time available for each release and the vast flood of findings by automated security testing, prioritizing security finding responses is essential. In this paper, we present a partially automated process to prioritize security findings in industrial software development projects. We utilize a two-staged calculation process to produce a prioritization score, representing both the finding’s severity and factors like stakeholder input. This process was evaluated by conducting structured interviews with security professionals while also integrating the approach in ongoing industrial software development projects. The results indicate the potential of the process in terms of usefulness and correctness for agile software development projects.

Thu 18 May

Displayed time zone: Hobart

13:45 - 15:15
Industry forum 2 (Industry Forum) at Meeting Room 112
Chair(s): Steve Versteeg Microsoft
13:45
15m
Talk
Challenges of Testing an Evolving Cancer Registration Support System in Practice
Industry Forum
Christoph Laaber Simula Research Laboratory, Tao Yue Simula Research Laboratory, Shaukat Ali Simula Research Laboratory, Thomas Schwitalla Cancer Registry of Norway, Jan F. Nygård Cancer Registry of Norway
14:00
15m
Talk
Can we Knapsack Software Defect Prediction? Nokia 5G Case
Industry Forum
Szymon Stradowski Nokia & Wrocław University of Science and Technology, Lech Madeyski Wrocław University of Science and Technology
14:15
15m
Talk
UnitTestBot: Automated Unit Test Generation for C Code in Integrated Development Environments
Industry Forum
Dmitry Ivanov Huawei, Alexey Babushkin, Saveliy Grigoryev Huawei, Pavel Iatchenii, Vladislav Kalugin Huawei, Egor Kichin Huawei, Egor Kulikov Huawei, Aleksandr Misonizhnik Saint-Petersburg State University, Dmitry Mordvinov Huawei, Sergey Morozov Huawei, Olga Naumenko Huawei, Alexey Pleshakov, Pavel Ponomarev Meta; Georgia Institute of Technology, Svetlana Shmidt Huawei, Alexey Utkin, Vadim Volodin, Arseniy Volynets
14:30
15m
Talk
Challenges of Evolving Legacy Software in a Small Team
Industry Forum
Bowie Owens CSIRO, Geoffrey Lee CSIRO, Zili Zhu CSIRO, Thomas Lo CSIRO
14:45
15m
Talk
Prioritizing Industrial Security Findings in Agile Software Development Projects
Industry Forum
Markus Voggenreiter Siemens Technology / LMU Munich, Ulrich Schöpp fortiss GmbH
15:00
15m
Talk
Enhancing Maritime Data Standardization and Integrity using Docker and Blockchain
Industry Forum
Shuai Wang DNV AS, Nikita Karandikar DNV AS, Knut Erik Knutsen DNV AS, Xiao Gang Tony Tong DNV Global, Tom Edseth DNV AS, Zealo Xu Zile DNV Global